Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
129 tokens/sec
GPT-4o
28 tokens/sec
Gemini 2.5 Pro Pro
42 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Unaware, Unfunded and Uneducated: A Systematic Review of SME Cybersecurity (2309.17186v1)

Published 29 Sep 2023 in cs.CR

Abstract: Small and Medium Enterprises (SMEs) are pivotal in the global economy, accounting for over 90% of businesses and 60% of employment worldwide. Despite their significance, SMEs have been disregarded from cybersecurity initiatives, rendering them ill-equipped to deal with the growing frequency, sophistication, and destructiveness of cyber-attacks. We systematically reviewed the cybersecurity literature on SMEs published between 2017 and 2023. We focus on research discussing cyber threats, adopted controls, challenges, and constraints SMEs face in pursuing cybersecurity resilience. Our search yielded 916 studies that we narrowed to 77 relevant papers. We identified 44 unique themes and categorised them as novel findings or established knowledge. This distinction revealed that research on SMEs is shallow and has made little progress in understanding SMEs' roles, threats, and needs. Studies often repeated early discoveries without replicating or offering new insights. The existing research indicates that the main challenges to attaining cybersecurity resilience of SMEs are a lack of awareness of the cybersecurity risks, limited cybersecurity literacy and constrained financial resources. However, resource availability varied between developed and developing countries. Our analysis indicated a relationship among these themes, suggesting that limited literacy is the root cause of awareness and resource constraint issues.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (113)
  1. Searching and synthesising ’grey literature’ and ’grey information’ in public health: Critical reflections on three case studies. Systematic Reviews 5, 1 (9 2016), 1–11. https://doi.org/10.1186/s13643-016-0337-y
  2. Luis A Aguilar. 2015. The Need for Greater Focus on the Cybersecurity Challenges Facing Small and Midsize Businesses. https://www.sec.gov/news/statement/cybersecurity-challenges-for-small-midsize-businesses.html
  3. Security Aspects of Virtualization and Its Impact on Business Information Security. https://doi.org/10.1109/ICISCT49550.2020.9080029
  4. N N Ahmed and K Nanath. 2021. Exploring Cybersecurity Ecosystem in the Middle East: Towards an SME Recommender System. Journal of Cyber Security and Mobility 10, 3 (2021), 511–536. https://doi.org/10.13052/jcsm2245-1439.1032
  5. Abdulmajeed Alahmari and Bob Duncan. 2020. Cybersecurity Risk Management in Small and Medium-Sized Enterprises: A Systematic Review of Recent Evidence. In 2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment, Cyber SA 2020. Institute of Electrical and Electronics Engineers Inc., 1–5. https://doi.org/10.1109/CYBERSA49311.2020.9139638
  6. Abdulmajeed Abdullah Alahmari and Robert Anderson Duncan. 2021. Investigating Potential Barriers to Cybersecurity Risk Management Investment in SMEs. Proceedings of the 13th International Conference on Electronics, Computers and Artificial Intelligence, ECAI 2021 13 (7 2021), 1–6. https://doi.org/10.1109/ECAI52376.2021.9515166
  7. Factors that Influence the Adoption of Information Security on Requirement Phase for Custom-Made Software at SMEs. 2nd International Conference on Computer Applications and Information Security, ICCAIS 2019 2 (5 2019), 1–5. https://doi.org/10.1109/CAIS.2019.8769519
  8. The impact of cybersecurity practices on cyberattack damage: The perspective of small enterprises in Saudi Arabia. https://doi.org/10.3390/s21206901
  9. Security Related Issues in Saudi Arabia Small Organizations: A Saudi Case Study. 21st Saudi Computer Society National Computer Conference, NCC 2018 21 (12 2018), 1–6. https://doi.org/10.1109/NCG.2018.8593058
  10. Maria Bada and Jason R C Nurse. 2019. Developing cybersecurity education and awareness programmes for small- and medium-sized enterprises (SMEs). https://doi.org/10.1108/ICS-07-2018-0080
  11. Tony Bailetti and Daniel Craigen. 2020. Examining the relationship between cybersecurity and scaling value for new companies. https://doi.org/10.22215/timreview/1329
  12. CEOs’ information security behavior in SMEs: Does ownership matter? https://doi.org/10.3917/sim.173.0007
  13. Y Barlette and A Jaouen. 2019. Information security in SMEs: Determinants of CEOs’ protective and supportive behaviors. https://doi.org/10.3917/sim.193.0007
  14. Tackling Small and Medium Sized Enterprise Problem Loans in Europe; by Wolfgang Bergthaler, Kenneth Kang, Yan Liu, and Dermot Monaghan; IMF Staff Discussion Notes SDN/15/04; March, 2015. Technical Report. INTERNATIONAL MONETARYFUND. https://doi.org/10.5089/9781498384834.006
  15. John M. Blythe and Shane D. Johnson. 2021. A systematic review of crime facilitated by the consumer Internet of Things. Security Journal 34, 1 (3 2021), 97–125. https://doi.org/10.1057/s41284-019-00211-8
  16. Virginia Braun and Victoria Clarke. 2008. Using thematic analysis in psychology. Qualitative Research in Psychology 3, 2 (1 2008), 77–101. https://doi.org/10.1191/1478088706qp063oa
  17. Virginia Braun and Victoria Clarke. 2021. One size fits all? What counts as quality practice in (reflexive) thematic analysis? Qualitative Research in Psychology 18, 3 (7 2021), 328–352. https://doi.org/10.1080/14780887.2020.1769238
  18. Introduction of a Tool-Based Continuous Information Security Management System: An Exploratory Case Study. https://doi.org/10.1109/QRS-C.2018.00088
  19. Bias, prevalence and kappa. Journal of Clinical Epidemiology 46, 5 (5 1993), 423–429. https://doi.org/10.1016/0895-4356(93)90018-V
  20. Cyber Resilience Self-Assessment Tool (CR-SAT) for SMEs. IEEE Access 9 (2021), 80741–80762. https://doi.org/10.1109/ACCESS.2021.3085530
  21. Systematic Approach to Cyber Resilience Operationalization in SMEs. https://doi.org/10.1109/ACCESS.2020.3026063
  22. Carlos R. 2022. jrrombaldo/literature_review: scripts to support literature review. https://github.com/jrrombaldo/literature_review
  23. U K National Cyber Security Centre. 2017. Cyber Security Small Business Guide. https://www.gov.uk/government/publications/cyber-security-what-small-businesses-need-to-know
  24. N A Chandra and M Sadikin. 2020. ISM application tool, a contribution to address the barrier of information security management system implementation. Journal of Information and Communication Convergence Engineering 18, 1 (2020), 39–48. https://doi.org/10.6109/jicce.2020.18.1.39
  25. CISA. 2022. Cyber Guidance for Small Businesses. https://www.cisa.gov/small-business
  26. Jeffrey Cleveland and Abigail Scheg. 2018. Small-Medium Business Information Security Intention Related to Cyberthreat Awareness: A Quantitative Experiment. Ph. D. Dissertation. Northcentral University, Ann Arbor. https://www.proquest.com/dissertations-theses/small-medium-business-information-security/docview/2050026809/se-2?accountid=14511
  27. European Commission. 2020. The EU Cybersecurity Act _ Shaping Europe’s digital future. https://ec.europa.eu/digital-single-market/en/eu-cybersecurity-act
  28. Matt Dickson. 2019. Small firms suffer close to 10,000 cyber-attacks daily | FSB, The Federation of Small Businesses. https://www.fsb.org.uk/resources-page/small-firms-suffer-close-to-10-000-cyber-attacks-daily.html
  29. TOWARD OVERCOMING THE DISPROPORTION BETWEEN THE DEMAND FOR PROFESSIONALS AND THE PROVISION OF TRAINING IN CYBERSECURITY. EDULEARN19 Proceedings 1 (7 2019), 1656–1664. https://doi.org/10.21125/EDULEARN.2019.0485
  30. Information security: The glory and penury of SMEs in the Czech and Slovak Republics. In Int. Conf. Eng. Manag. Commun. Technol., EMCTECH - Proc. Institute of Electrical and Electronics Engineers Inc., 1–7. https://doi.org/10.1109/EMCTECH49634.2020.9261506
  31. Investigation of the Effect of e-Platform Information Security Breaches: A Small and Medium Enterprise Supply Chain Perspective. https://doi.org/10.1109/TEM.2020.3008827
  32. Cybersecurity in Medical Private Practice: Results of a Survey in Audiology. Proceedings - 2020 IEEE 6th International Conference on Collaboration and Internet Computing, CIC 2020 6 (12 2020), 169–176. https://doi.org/10.1109/CIC50333.2020.00029
  33. Darrell Eilts. 2020. An Empirical Assessment of Cybersecurity Readiness and Resilience in Small Businesses. ProQuest Dissertations and Theses 11, 15 (2020), 309. https://www.proquest.com/dissertations-theses/empirical-assessment-cybersecurity-readiness/docview/2392421605/se-2?accountid=135034
  34. CONSORT 2010 statement: Extension to randomised pilot and feasibility trials. Pilot and Feasibility Studies 2, 1 (2016), 64. https://doi.org/10.1186/s40814-016-0105-8
  35. Data-Driven Intrusion Detection System for Small and Medium Enterprises. https://doi.org/10.1109/CAMAD.2019.8858166
  36. European Commission. 2021. Bridging the security, privacy and data protection gap for smaller enterprises in Europe | SENTINEL Project | Fact Sheet | H2020 | CORDIS | European Commission. https://cordis.europa.eu/project/id/101021659
  37. European Commission. 2022. High-Level Guidelines on Cybersecurity for SMEs | Shaping Europe’s digital future. https://digital-strategy.ec.europa.eu/en/library/high-level-guidelines-cybersecurity-smes
  38. European Digital SME Alliance. 2017. Europe needs a cybersecurity strategy to foster its SME ecosystem - European DIGITAL SME Alliance. https://www.digitalsme.eu/europe-needs-cybersecurity-strategy-foster-sme-ecosystem/
  39. EUROSTAT. 2022. Small and medium-sized enterprises (SMEs) - Structural business statistics - Eurostat. https://ec.europa.eu/eurostat/web/structural-business-statistics/small-and-medium-sized-enterprises
  40. FCC. 2016. Cybersecurity for Small Business | Federal Communications Commission. https://www.fcc.gov/general/cybersecurity-small-business
  41. Dávid János Fehér. 2020. Cybersecurity threats of cloud and third-party services in small and medium-sized enterprise environment. Management, Enterprise and Benchmarking in the 21st Century (2020), 36–41. https://www.proquest.com/scholarly-journals/cybersecurity-threats-cloud-third-party-services/docview/2474920793/se-2?accountid=14511
  42. James H Felton Jr. and Oludotun Oni. 2021. Cyber Resilience of Small Business Owners. , 121 pages. https://www.proquest.com/dissertations-theses/cyber-resilience-small-business-owners/docview/2504819573/se-2?accountid=14511
  43. Key Findings. 2016. How Gartner Defines Threat Intelligence. https://www.gartner.com/en/documents/3222217
  44. Ruti Gafni and Tal Pavel. 2019. The invisible hole of information on SMB’s cybersecurity. Online Journal of Applied Knowledge Management 7, 1 (2019), 14–26. https://doi.org/10.36965/ojakm.2019.7(1)14-26
  45. Geiger. 2021. GEIGER - Cybersecurity for SMEs. https://project.cyber-geiger.eu/
  46. Charlotte E. Gill. 2011. Missing links: How descriptive validity impacts the policy relevance of randomized controlled trials in criminology. Journal of Experimental Criminology 7, 3 (9 2011), 201–224. https://doi.org/10.1007/s11292-011-9122-z
  47. Global Cyber Alliance. 2022. GCA Cybersecurity Toolkit for Small Business Handbook. https://gcatoolkit.org/wp-content/uploads/2021/06/GCA-Toolkit-Handbook.pdf
  48. Risk assessment of the sme sector operations during the covid-19 pandemic. https://doi.org/10.3390/ijerph18084183
  49. Thomas Groß. 2021. Fidelity of Statistical Reporting in 10 Years of Cyber Security User Studies. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 11739 LNCS (2021), 3–26. https://doi.org/10.1007/978-3-030-55958-8{_}1
  50. Michael Heidenreich. 2019. Conceptualization of a measurement method proposal for the assessment of IT security in the status quo of micro-enterprises. In Proceedings - 2019 International Conference on Computing, Electronics and Communications Engineering, iCCECE 2019. IEEE, 187–192. https://doi.org/10.1109/iCCECE46942.2019.8941688 Heidt et al. (2019) Margareta Heidt, Jin P. Gerlach, and Peter Buxmann. 2019. Investigating the Security Divide between SME and Large Companies: How SME Characteristics Influence Organizational IT Security Investments. Information Systems Frontiers 21, 6 (12 2019), 1285–1305. https://doi.org/10.1007/s10796-019-09959-1 Higgins et al. (2019) Julian P.T. Higgins, James Thomas, Jacqueline Chandler, Miranda Cumpston, Tianjing Li, Matthew J. Page, and Vivian A. Welch. 2019. Cochrane handbook for systematic reviews of interventions. Wiley. 1–694 pages. https://doi.org/10.1002/9781119536604 Holt (2016) Thomas J. Holt. 2016. The evolution of cybercrime, 2006–2016. In Cybercrime Through an Interdisciplinary Lens. Vol. 1. Routledge, 29–50. https://doi.org/10.4324/9781315618456-9 Huaman et al. (2021) N Huaman, B von Skarczinski, C Stransky, D Wermke, Y Acar, A Dreißigacker, S Fahl, and Baidu; et al.; Facebook; Google; Salesforce; USENIX. 2021. A large-scale interview study on information security in and attacks against small and medium-sized enterprises. In 30th USENIX Security Symposium, USENIX Security 2021. USENIX Association, 1235–1252. https://www.usenix.org/conference/usenixsecurity21/presentation/huaman Ikuero and Zeng (2022) F E Ikuero and W Zeng. 2022. Improving Cybersecurity Incidents Reporting in Nigeria: Micro and Small Enterprises Perspectives. https://doi.org/10.4314/njt.v41i3.10 Imsand et al. (2020) Eric Imsand, Brian Tucker, Joe Paxton, and Sara Graves. 2020. A survey of cyber security practices in small businesses. In Advances in Intelligent Systems and Computing, Vol. 1055. Springer, 44–50. https://doi.org/10.1007/978-3-030-31239-8{_}4 Jantti (2020) Marko Jantti. 2020. Studying Data Privacy Management in Small and Medium-Sized IT Companies. Proceedings of the 2020 14th International Conference on Innovations in Information Technology, IIT 2020 14 (2020), 57–62. https://doi.org/10.1109/IIT50501.2020.9299050 Johannsen et al. (2020) Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Margareta Heidt, Jin P. Gerlach, and Peter Buxmann. 2019. Investigating the Security Divide between SME and Large Companies: How SME Characteristics Influence Organizational IT Security Investments. Information Systems Frontiers 21, 6 (12 2019), 1285–1305. https://doi.org/10.1007/s10796-019-09959-1 Higgins et al. (2019) Julian P.T. Higgins, James Thomas, Jacqueline Chandler, Miranda Cumpston, Tianjing Li, Matthew J. Page, and Vivian A. Welch. 2019. Cochrane handbook for systematic reviews of interventions. Wiley. 1–694 pages. https://doi.org/10.1002/9781119536604 Holt (2016) Thomas J. Holt. 2016. The evolution of cybercrime, 2006–2016. In Cybercrime Through an Interdisciplinary Lens. Vol. 1. Routledge, 29–50. https://doi.org/10.4324/9781315618456-9 Huaman et al. (2021) N Huaman, B von Skarczinski, C Stransky, D Wermke, Y Acar, A Dreißigacker, S Fahl, and Baidu; et al.; Facebook; Google; Salesforce; USENIX. 2021. A large-scale interview study on information security in and attacks against small and medium-sized enterprises. In 30th USENIX Security Symposium, USENIX Security 2021. USENIX Association, 1235–1252. https://www.usenix.org/conference/usenixsecurity21/presentation/huaman Ikuero and Zeng (2022) F E Ikuero and W Zeng. 2022. Improving Cybersecurity Incidents Reporting in Nigeria: Micro and Small Enterprises Perspectives. https://doi.org/10.4314/njt.v41i3.10 Imsand et al. (2020) Eric Imsand, Brian Tucker, Joe Paxton, and Sara Graves. 2020. A survey of cyber security practices in small businesses. In Advances in Intelligent Systems and Computing, Vol. 1055. Springer, 44–50. https://doi.org/10.1007/978-3-030-31239-8{_}4 Jantti (2020) Marko Jantti. 2020. Studying Data Privacy Management in Small and Medium-Sized IT Companies. Proceedings of the 2020 14th International Conference on Innovations in Information Technology, IIT 2020 14 (2020), 57–62. https://doi.org/10.1109/IIT50501.2020.9299050 Johannsen et al. (2020) Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Julian P.T. Higgins, James Thomas, Jacqueline Chandler, Miranda Cumpston, Tianjing Li, Matthew J. Page, and Vivian A. Welch. 2019. Cochrane handbook for systematic reviews of interventions. Wiley. 1–694 pages. https://doi.org/10.1002/9781119536604 Holt (2016) Thomas J. Holt. 2016. The evolution of cybercrime, 2006–2016. In Cybercrime Through an Interdisciplinary Lens. Vol. 1. Routledge, 29–50. https://doi.org/10.4324/9781315618456-9 Huaman et al. (2021) N Huaman, B von Skarczinski, C Stransky, D Wermke, Y Acar, A Dreißigacker, S Fahl, and Baidu; et al.; Facebook; Google; Salesforce; USENIX. 2021. A large-scale interview study on information security in and attacks against small and medium-sized enterprises. In 30th USENIX Security Symposium, USENIX Security 2021. USENIX Association, 1235–1252. https://www.usenix.org/conference/usenixsecurity21/presentation/huaman Ikuero and Zeng (2022) F E Ikuero and W Zeng. 2022. Improving Cybersecurity Incidents Reporting in Nigeria: Micro and Small Enterprises Perspectives. https://doi.org/10.4314/njt.v41i3.10 Imsand et al. (2020) Eric Imsand, Brian Tucker, Joe Paxton, and Sara Graves. 2020. A survey of cyber security practices in small businesses. In Advances in Intelligent Systems and Computing, Vol. 1055. Springer, 44–50. https://doi.org/10.1007/978-3-030-31239-8{_}4 Jantti (2020) Marko Jantti. 2020. Studying Data Privacy Management in Small and Medium-Sized IT Companies. Proceedings of the 2020 14th International Conference on Innovations in Information Technology, IIT 2020 14 (2020), 57–62. https://doi.org/10.1109/IIT50501.2020.9299050 Johannsen et al. (2020) Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Thomas J. Holt. 2016. The evolution of cybercrime, 2006–2016. In Cybercrime Through an Interdisciplinary Lens. Vol. 1. Routledge, 29–50. https://doi.org/10.4324/9781315618456-9 Huaman et al. (2021) N Huaman, B von Skarczinski, C Stransky, D Wermke, Y Acar, A Dreißigacker, S Fahl, and Baidu; et al.; Facebook; Google; Salesforce; USENIX. 2021. A large-scale interview study on information security in and attacks against small and medium-sized enterprises. In 30th USENIX Security Symposium, USENIX Security 2021. USENIX Association, 1235–1252. https://www.usenix.org/conference/usenixsecurity21/presentation/huaman Ikuero and Zeng (2022) F E Ikuero and W Zeng. 2022. Improving Cybersecurity Incidents Reporting in Nigeria: Micro and Small Enterprises Perspectives. https://doi.org/10.4314/njt.v41i3.10 Imsand et al. (2020) Eric Imsand, Brian Tucker, Joe Paxton, and Sara Graves. 2020. A survey of cyber security practices in small businesses. In Advances in Intelligent Systems and Computing, Vol. 1055. Springer, 44–50. https://doi.org/10.1007/978-3-030-31239-8{_}4 Jantti (2020) Marko Jantti. 2020. Studying Data Privacy Management in Small and Medium-Sized IT Companies. Proceedings of the 2020 14th International Conference on Innovations in Information Technology, IIT 2020 14 (2020), 57–62. https://doi.org/10.1109/IIT50501.2020.9299050 Johannsen et al. (2020) Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ N Huaman, B von Skarczinski, C Stransky, D Wermke, Y Acar, A Dreißigacker, S Fahl, and Baidu; et al.; Facebook; Google; Salesforce; USENIX. 2021. A large-scale interview study on information security in and attacks against small and medium-sized enterprises. In 30th USENIX Security Symposium, USENIX Security 2021. USENIX Association, 1235–1252. https://www.usenix.org/conference/usenixsecurity21/presentation/huaman Ikuero and Zeng (2022) F E Ikuero and W Zeng. 2022. Improving Cybersecurity Incidents Reporting in Nigeria: Micro and Small Enterprises Perspectives. https://doi.org/10.4314/njt.v41i3.10 Imsand et al. (2020) Eric Imsand, Brian Tucker, Joe Paxton, and Sara Graves. 2020. A survey of cyber security practices in small businesses. In Advances in Intelligent Systems and Computing, Vol. 1055. Springer, 44–50. https://doi.org/10.1007/978-3-030-31239-8{_}4 Jantti (2020) Marko Jantti. 2020. Studying Data Privacy Management in Small and Medium-Sized IT Companies. Proceedings of the 2020 14th International Conference on Innovations in Information Technology, IIT 2020 14 (2020), 57–62. https://doi.org/10.1109/IIT50501.2020.9299050 Johannsen et al. (2020) Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ F E Ikuero and W Zeng. 2022. Improving Cybersecurity Incidents Reporting in Nigeria: Micro and Small Enterprises Perspectives. https://doi.org/10.4314/njt.v41i3.10 Imsand et al. (2020) Eric Imsand, Brian Tucker, Joe Paxton, and Sara Graves. 2020. A survey of cyber security practices in small businesses. In Advances in Intelligent Systems and Computing, Vol. 1055. Springer, 44–50. https://doi.org/10.1007/978-3-030-31239-8{_}4 Jantti (2020) Marko Jantti. 2020. Studying Data Privacy Management in Small and Medium-Sized IT Companies. Proceedings of the 2020 14th International Conference on Innovations in Information Technology, IIT 2020 14 (2020), 57–62. https://doi.org/10.1109/IIT50501.2020.9299050 Johannsen et al. (2020) Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Eric Imsand, Brian Tucker, Joe Paxton, and Sara Graves. 2020. A survey of cyber security practices in small businesses. In Advances in Intelligent Systems and Computing, Vol. 1055. Springer, 44–50. https://doi.org/10.1007/978-3-030-31239-8{_}4 Jantti (2020) Marko Jantti. 2020. Studying Data Privacy Management in Small and Medium-Sized IT Companies. Proceedings of the 2020 14th International Conference on Innovations in Information Technology, IIT 2020 14 (2020), 57–62. https://doi.org/10.1109/IIT50501.2020.9299050 Johannsen et al. (2020) Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Marko Jantti. 2020. Studying Data Privacy Management in Small and Medium-Sized IT Companies. Proceedings of the 2020 14th International Conference on Innovations in Information Technology, IIT 2020 14 (2020), 57–62. https://doi.org/10.1109/IIT50501.2020.9299050 Johannsen et al. (2020) Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  51. Investigating the Security Divide between SME and Large Companies: How SME Characteristics Influence Organizational IT Security Investments. Information Systems Frontiers 21, 6 (12 2019), 1285–1305. https://doi.org/10.1007/s10796-019-09959-1 Higgins et al. (2019) Julian P.T. Higgins, James Thomas, Jacqueline Chandler, Miranda Cumpston, Tianjing Li, Matthew J. Page, and Vivian A. Welch. 2019. Cochrane handbook for systematic reviews of interventions. Wiley. 1–694 pages. https://doi.org/10.1002/9781119536604 Holt (2016) Thomas J. Holt. 2016. The evolution of cybercrime, 2006–2016. In Cybercrime Through an Interdisciplinary Lens. Vol. 1. Routledge, 29–50. https://doi.org/10.4324/9781315618456-9 Huaman et al. (2021) N Huaman, B von Skarczinski, C Stransky, D Wermke, Y Acar, A Dreißigacker, S Fahl, and Baidu; et al.; Facebook; Google; Salesforce; USENIX. 2021. A large-scale interview study on information security in and attacks against small and medium-sized enterprises. In 30th USENIX Security Symposium, USENIX Security 2021. USENIX Association, 1235–1252. https://www.usenix.org/conference/usenixsecurity21/presentation/huaman Ikuero and Zeng (2022) F E Ikuero and W Zeng. 2022. Improving Cybersecurity Incidents Reporting in Nigeria: Micro and Small Enterprises Perspectives. https://doi.org/10.4314/njt.v41i3.10 Imsand et al. (2020) Eric Imsand, Brian Tucker, Joe Paxton, and Sara Graves. 2020. A survey of cyber security practices in small businesses. In Advances in Intelligent Systems and Computing, Vol. 1055. Springer, 44–50. https://doi.org/10.1007/978-3-030-31239-8{_}4 Jantti (2020) Marko Jantti. 2020. Studying Data Privacy Management in Small and Medium-Sized IT Companies. Proceedings of the 2020 14th International Conference on Innovations in Information Technology, IIT 2020 14 (2020), 57–62. https://doi.org/10.1109/IIT50501.2020.9299050 Johannsen et al. (2020) Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Julian P.T. Higgins, James Thomas, Jacqueline Chandler, Miranda Cumpston, Tianjing Li, Matthew J. Page, and Vivian A. Welch. 2019. Cochrane handbook for systematic reviews of interventions. Wiley. 1–694 pages. https://doi.org/10.1002/9781119536604 Holt (2016) Thomas J. Holt. 2016. The evolution of cybercrime, 2006–2016. In Cybercrime Through an Interdisciplinary Lens. Vol. 1. Routledge, 29–50. https://doi.org/10.4324/9781315618456-9 Huaman et al. (2021) N Huaman, B von Skarczinski, C Stransky, D Wermke, Y Acar, A Dreißigacker, S Fahl, and Baidu; et al.; Facebook; Google; Salesforce; USENIX. 2021. A large-scale interview study on information security in and attacks against small and medium-sized enterprises. In 30th USENIX Security Symposium, USENIX Security 2021. USENIX Association, 1235–1252. https://www.usenix.org/conference/usenixsecurity21/presentation/huaman Ikuero and Zeng (2022) F E Ikuero and W Zeng. 2022. Improving Cybersecurity Incidents Reporting in Nigeria: Micro and Small Enterprises Perspectives. https://doi.org/10.4314/njt.v41i3.10 Imsand et al. (2020) Eric Imsand, Brian Tucker, Joe Paxton, and Sara Graves. 2020. A survey of cyber security practices in small businesses. In Advances in Intelligent Systems and Computing, Vol. 1055. Springer, 44–50. https://doi.org/10.1007/978-3-030-31239-8{_}4 Jantti (2020) Marko Jantti. 2020. Studying Data Privacy Management in Small and Medium-Sized IT Companies. Proceedings of the 2020 14th International Conference on Innovations in Information Technology, IIT 2020 14 (2020), 57–62. https://doi.org/10.1109/IIT50501.2020.9299050 Johannsen et al. (2020) Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Thomas J. Holt. 2016. The evolution of cybercrime, 2006–2016. In Cybercrime Through an Interdisciplinary Lens. Vol. 1. Routledge, 29–50. https://doi.org/10.4324/9781315618456-9 Huaman et al. (2021) N Huaman, B von Skarczinski, C Stransky, D Wermke, Y Acar, A Dreißigacker, S Fahl, and Baidu; et al.; Facebook; Google; Salesforce; USENIX. 2021. A large-scale interview study on information security in and attacks against small and medium-sized enterprises. In 30th USENIX Security Symposium, USENIX Security 2021. USENIX Association, 1235–1252. https://www.usenix.org/conference/usenixsecurity21/presentation/huaman Ikuero and Zeng (2022) F E Ikuero and W Zeng. 2022. Improving Cybersecurity Incidents Reporting in Nigeria: Micro and Small Enterprises Perspectives. https://doi.org/10.4314/njt.v41i3.10 Imsand et al. (2020) Eric Imsand, Brian Tucker, Joe Paxton, and Sara Graves. 2020. A survey of cyber security practices in small businesses. In Advances in Intelligent Systems and Computing, Vol. 1055. Springer, 44–50. https://doi.org/10.1007/978-3-030-31239-8{_}4 Jantti (2020) Marko Jantti. 2020. Studying Data Privacy Management in Small and Medium-Sized IT Companies. Proceedings of the 2020 14th International Conference on Innovations in Information Technology, IIT 2020 14 (2020), 57–62. https://doi.org/10.1109/IIT50501.2020.9299050 Johannsen et al. (2020) Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ N Huaman, B von Skarczinski, C Stransky, D Wermke, Y Acar, A Dreißigacker, S Fahl, and Baidu; et al.; Facebook; Google; Salesforce; USENIX. 2021. A large-scale interview study on information security in and attacks against small and medium-sized enterprises. In 30th USENIX Security Symposium, USENIX Security 2021. USENIX Association, 1235–1252. https://www.usenix.org/conference/usenixsecurity21/presentation/huaman Ikuero and Zeng (2022) F E Ikuero and W Zeng. 2022. Improving Cybersecurity Incidents Reporting in Nigeria: Micro and Small Enterprises Perspectives. https://doi.org/10.4314/njt.v41i3.10 Imsand et al. (2020) Eric Imsand, Brian Tucker, Joe Paxton, and Sara Graves. 2020. A survey of cyber security practices in small businesses. In Advances in Intelligent Systems and Computing, Vol. 1055. Springer, 44–50. https://doi.org/10.1007/978-3-030-31239-8{_}4 Jantti (2020) Marko Jantti. 2020. Studying Data Privacy Management in Small and Medium-Sized IT Companies. Proceedings of the 2020 14th International Conference on Innovations in Information Technology, IIT 2020 14 (2020), 57–62. https://doi.org/10.1109/IIT50501.2020.9299050 Johannsen et al. (2020) Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ F E Ikuero and W Zeng. 2022. Improving Cybersecurity Incidents Reporting in Nigeria: Micro and Small Enterprises Perspectives. https://doi.org/10.4314/njt.v41i3.10 Imsand et al. (2020) Eric Imsand, Brian Tucker, Joe Paxton, and Sara Graves. 2020. A survey of cyber security practices in small businesses. In Advances in Intelligent Systems and Computing, Vol. 1055. Springer, 44–50. https://doi.org/10.1007/978-3-030-31239-8{_}4 Jantti (2020) Marko Jantti. 2020. Studying Data Privacy Management in Small and Medium-Sized IT Companies. Proceedings of the 2020 14th International Conference on Innovations in Information Technology, IIT 2020 14 (2020), 57–62. https://doi.org/10.1109/IIT50501.2020.9299050 Johannsen et al. (2020) Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Eric Imsand, Brian Tucker, Joe Paxton, and Sara Graves. 2020. A survey of cyber security practices in small businesses. In Advances in Intelligent Systems and Computing, Vol. 1055. Springer, 44–50. https://doi.org/10.1007/978-3-030-31239-8{_}4 Jantti (2020) Marko Jantti. 2020. Studying Data Privacy Management in Small and Medium-Sized IT Companies. Proceedings of the 2020 14th International Conference on Innovations in Information Technology, IIT 2020 14 (2020), 57–62. https://doi.org/10.1109/IIT50501.2020.9299050 Johannsen et al. (2020) Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Marko Jantti. 2020. Studying Data Privacy Management in Small and Medium-Sized IT Companies. Proceedings of the 2020 14th International Conference on Innovations in Information Technology, IIT 2020 14 (2020), 57–62. https://doi.org/10.1109/IIT50501.2020.9299050 Johannsen et al. (2020) Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  52. Cochrane handbook for systematic reviews of interventions. Wiley. 1–694 pages. https://doi.org/10.1002/9781119536604 Holt (2016) Thomas J. Holt. 2016. The evolution of cybercrime, 2006–2016. In Cybercrime Through an Interdisciplinary Lens. Vol. 1. Routledge, 29–50. https://doi.org/10.4324/9781315618456-9 Huaman et al. (2021) N Huaman, B von Skarczinski, C Stransky, D Wermke, Y Acar, A Dreißigacker, S Fahl, and Baidu; et al.; Facebook; Google; Salesforce; USENIX. 2021. A large-scale interview study on information security in and attacks against small and medium-sized enterprises. In 30th USENIX Security Symposium, USENIX Security 2021. USENIX Association, 1235–1252. https://www.usenix.org/conference/usenixsecurity21/presentation/huaman Ikuero and Zeng (2022) F E Ikuero and W Zeng. 2022. Improving Cybersecurity Incidents Reporting in Nigeria: Micro and Small Enterprises Perspectives. https://doi.org/10.4314/njt.v41i3.10 Imsand et al. (2020) Eric Imsand, Brian Tucker, Joe Paxton, and Sara Graves. 2020. A survey of cyber security practices in small businesses. In Advances in Intelligent Systems and Computing, Vol. 1055. Springer, 44–50. https://doi.org/10.1007/978-3-030-31239-8{_}4 Jantti (2020) Marko Jantti. 2020. Studying Data Privacy Management in Small and Medium-Sized IT Companies. Proceedings of the 2020 14th International Conference on Innovations in Information Technology, IIT 2020 14 (2020), 57–62. https://doi.org/10.1109/IIT50501.2020.9299050 Johannsen et al. (2020) Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Thomas J. Holt. 2016. The evolution of cybercrime, 2006–2016. In Cybercrime Through an Interdisciplinary Lens. Vol. 1. Routledge, 29–50. https://doi.org/10.4324/9781315618456-9 Huaman et al. (2021) N Huaman, B von Skarczinski, C Stransky, D Wermke, Y Acar, A Dreißigacker, S Fahl, and Baidu; et al.; Facebook; Google; Salesforce; USENIX. 2021. A large-scale interview study on information security in and attacks against small and medium-sized enterprises. In 30th USENIX Security Symposium, USENIX Security 2021. USENIX Association, 1235–1252. https://www.usenix.org/conference/usenixsecurity21/presentation/huaman Ikuero and Zeng (2022) F E Ikuero and W Zeng. 2022. Improving Cybersecurity Incidents Reporting in Nigeria: Micro and Small Enterprises Perspectives. https://doi.org/10.4314/njt.v41i3.10 Imsand et al. (2020) Eric Imsand, Brian Tucker, Joe Paxton, and Sara Graves. 2020. A survey of cyber security practices in small businesses. In Advances in Intelligent Systems and Computing, Vol. 1055. Springer, 44–50. https://doi.org/10.1007/978-3-030-31239-8{_}4 Jantti (2020) Marko Jantti. 2020. Studying Data Privacy Management in Small and Medium-Sized IT Companies. Proceedings of the 2020 14th International Conference on Innovations in Information Technology, IIT 2020 14 (2020), 57–62. https://doi.org/10.1109/IIT50501.2020.9299050 Johannsen et al. (2020) Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ N Huaman, B von Skarczinski, C Stransky, D Wermke, Y Acar, A Dreißigacker, S Fahl, and Baidu; et al.; Facebook; Google; Salesforce; USENIX. 2021. A large-scale interview study on information security in and attacks against small and medium-sized enterprises. In 30th USENIX Security Symposium, USENIX Security 2021. USENIX Association, 1235–1252. https://www.usenix.org/conference/usenixsecurity21/presentation/huaman Ikuero and Zeng (2022) F E Ikuero and W Zeng. 2022. Improving Cybersecurity Incidents Reporting in Nigeria: Micro and Small Enterprises Perspectives. https://doi.org/10.4314/njt.v41i3.10 Imsand et al. (2020) Eric Imsand, Brian Tucker, Joe Paxton, and Sara Graves. 2020. A survey of cyber security practices in small businesses. In Advances in Intelligent Systems and Computing, Vol. 1055. Springer, 44–50. https://doi.org/10.1007/978-3-030-31239-8{_}4 Jantti (2020) Marko Jantti. 2020. Studying Data Privacy Management in Small and Medium-Sized IT Companies. Proceedings of the 2020 14th International Conference on Innovations in Information Technology, IIT 2020 14 (2020), 57–62. https://doi.org/10.1109/IIT50501.2020.9299050 Johannsen et al. (2020) Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ F E Ikuero and W Zeng. 2022. Improving Cybersecurity Incidents Reporting in Nigeria: Micro and Small Enterprises Perspectives. https://doi.org/10.4314/njt.v41i3.10 Imsand et al. (2020) Eric Imsand, Brian Tucker, Joe Paxton, and Sara Graves. 2020. A survey of cyber security practices in small businesses. In Advances in Intelligent Systems and Computing, Vol. 1055. Springer, 44–50. https://doi.org/10.1007/978-3-030-31239-8{_}4 Jantti (2020) Marko Jantti. 2020. Studying Data Privacy Management in Small and Medium-Sized IT Companies. Proceedings of the 2020 14th International Conference on Innovations in Information Technology, IIT 2020 14 (2020), 57–62. https://doi.org/10.1109/IIT50501.2020.9299050 Johannsen et al. (2020) Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Eric Imsand, Brian Tucker, Joe Paxton, and Sara Graves. 2020. A survey of cyber security practices in small businesses. In Advances in Intelligent Systems and Computing, Vol. 1055. Springer, 44–50. https://doi.org/10.1007/978-3-030-31239-8{_}4 Jantti (2020) Marko Jantti. 2020. Studying Data Privacy Management in Small and Medium-Sized IT Companies. Proceedings of the 2020 14th International Conference on Innovations in Information Technology, IIT 2020 14 (2020), 57–62. https://doi.org/10.1109/IIT50501.2020.9299050 Johannsen et al. (2020) Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Marko Jantti. 2020. Studying Data Privacy Management in Small and Medium-Sized IT Companies. Proceedings of the 2020 14th International Conference on Innovations in Information Technology, IIT 2020 14 (2020), 57–62. https://doi.org/10.1109/IIT50501.2020.9299050 Johannsen et al. (2020) Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  53. Thomas J. Holt. 2016. The evolution of cybercrime, 2006–2016. In Cybercrime Through an Interdisciplinary Lens. Vol. 1. Routledge, 29–50. https://doi.org/10.4324/9781315618456-9 Huaman et al. (2021) N Huaman, B von Skarczinski, C Stransky, D Wermke, Y Acar, A Dreißigacker, S Fahl, and Baidu; et al.; Facebook; Google; Salesforce; USENIX. 2021. A large-scale interview study on information security in and attacks against small and medium-sized enterprises. In 30th USENIX Security Symposium, USENIX Security 2021. USENIX Association, 1235–1252. https://www.usenix.org/conference/usenixsecurity21/presentation/huaman Ikuero and Zeng (2022) F E Ikuero and W Zeng. 2022. Improving Cybersecurity Incidents Reporting in Nigeria: Micro and Small Enterprises Perspectives. https://doi.org/10.4314/njt.v41i3.10 Imsand et al. (2020) Eric Imsand, Brian Tucker, Joe Paxton, and Sara Graves. 2020. A survey of cyber security practices in small businesses. In Advances in Intelligent Systems and Computing, Vol. 1055. Springer, 44–50. https://doi.org/10.1007/978-3-030-31239-8{_}4 Jantti (2020) Marko Jantti. 2020. Studying Data Privacy Management in Small and Medium-Sized IT Companies. Proceedings of the 2020 14th International Conference on Innovations in Information Technology, IIT 2020 14 (2020), 57–62. https://doi.org/10.1109/IIT50501.2020.9299050 Johannsen et al. (2020) Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ N Huaman, B von Skarczinski, C Stransky, D Wermke, Y Acar, A Dreißigacker, S Fahl, and Baidu; et al.; Facebook; Google; Salesforce; USENIX. 2021. A large-scale interview study on information security in and attacks against small and medium-sized enterprises. In 30th USENIX Security Symposium, USENIX Security 2021. USENIX Association, 1235–1252. https://www.usenix.org/conference/usenixsecurity21/presentation/huaman Ikuero and Zeng (2022) F E Ikuero and W Zeng. 2022. Improving Cybersecurity Incidents Reporting in Nigeria: Micro and Small Enterprises Perspectives. https://doi.org/10.4314/njt.v41i3.10 Imsand et al. (2020) Eric Imsand, Brian Tucker, Joe Paxton, and Sara Graves. 2020. A survey of cyber security practices in small businesses. In Advances in Intelligent Systems and Computing, Vol. 1055. Springer, 44–50. https://doi.org/10.1007/978-3-030-31239-8{_}4 Jantti (2020) Marko Jantti. 2020. Studying Data Privacy Management in Small and Medium-Sized IT Companies. Proceedings of the 2020 14th International Conference on Innovations in Information Technology, IIT 2020 14 (2020), 57–62. https://doi.org/10.1109/IIT50501.2020.9299050 Johannsen et al. (2020) Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ F E Ikuero and W Zeng. 2022. Improving Cybersecurity Incidents Reporting in Nigeria: Micro and Small Enterprises Perspectives. https://doi.org/10.4314/njt.v41i3.10 Imsand et al. (2020) Eric Imsand, Brian Tucker, Joe Paxton, and Sara Graves. 2020. A survey of cyber security practices in small businesses. In Advances in Intelligent Systems and Computing, Vol. 1055. Springer, 44–50. https://doi.org/10.1007/978-3-030-31239-8{_}4 Jantti (2020) Marko Jantti. 2020. Studying Data Privacy Management in Small and Medium-Sized IT Companies. Proceedings of the 2020 14th International Conference on Innovations in Information Technology, IIT 2020 14 (2020), 57–62. https://doi.org/10.1109/IIT50501.2020.9299050 Johannsen et al. (2020) Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Eric Imsand, Brian Tucker, Joe Paxton, and Sara Graves. 2020. A survey of cyber security practices in small businesses. In Advances in Intelligent Systems and Computing, Vol. 1055. Springer, 44–50. https://doi.org/10.1007/978-3-030-31239-8{_}4 Jantti (2020) Marko Jantti. 2020. Studying Data Privacy Management in Small and Medium-Sized IT Companies. Proceedings of the 2020 14th International Conference on Innovations in Information Technology, IIT 2020 14 (2020), 57–62. https://doi.org/10.1109/IIT50501.2020.9299050 Johannsen et al. (2020) Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Marko Jantti. 2020. Studying Data Privacy Management in Small and Medium-Sized IT Companies. Proceedings of the 2020 14th International Conference on Innovations in Information Technology, IIT 2020 14 (2020), 57–62. https://doi.org/10.1109/IIT50501.2020.9299050 Johannsen et al. (2020) Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  54. A large-scale interview study on information security in and attacks against small and medium-sized enterprises. In 30th USENIX Security Symposium, USENIX Security 2021. USENIX Association, 1235–1252. https://www.usenix.org/conference/usenixsecurity21/presentation/huaman Ikuero and Zeng (2022) F E Ikuero and W Zeng. 2022. Improving Cybersecurity Incidents Reporting in Nigeria: Micro and Small Enterprises Perspectives. https://doi.org/10.4314/njt.v41i3.10 Imsand et al. (2020) Eric Imsand, Brian Tucker, Joe Paxton, and Sara Graves. 2020. A survey of cyber security practices in small businesses. In Advances in Intelligent Systems and Computing, Vol. 1055. Springer, 44–50. https://doi.org/10.1007/978-3-030-31239-8{_}4 Jantti (2020) Marko Jantti. 2020. Studying Data Privacy Management in Small and Medium-Sized IT Companies. Proceedings of the 2020 14th International Conference on Innovations in Information Technology, IIT 2020 14 (2020), 57–62. https://doi.org/10.1109/IIT50501.2020.9299050 Johannsen et al. (2020) Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ F E Ikuero and W Zeng. 2022. Improving Cybersecurity Incidents Reporting in Nigeria: Micro and Small Enterprises Perspectives. https://doi.org/10.4314/njt.v41i3.10 Imsand et al. (2020) Eric Imsand, Brian Tucker, Joe Paxton, and Sara Graves. 2020. A survey of cyber security practices in small businesses. In Advances in Intelligent Systems and Computing, Vol. 1055. Springer, 44–50. https://doi.org/10.1007/978-3-030-31239-8{_}4 Jantti (2020) Marko Jantti. 2020. Studying Data Privacy Management in Small and Medium-Sized IT Companies. Proceedings of the 2020 14th International Conference on Innovations in Information Technology, IIT 2020 14 (2020), 57–62. https://doi.org/10.1109/IIT50501.2020.9299050 Johannsen et al. (2020) Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Eric Imsand, Brian Tucker, Joe Paxton, and Sara Graves. 2020. A survey of cyber security practices in small businesses. In Advances in Intelligent Systems and Computing, Vol. 1055. Springer, 44–50. https://doi.org/10.1007/978-3-030-31239-8{_}4 Jantti (2020) Marko Jantti. 2020. Studying Data Privacy Management in Small and Medium-Sized IT Companies. Proceedings of the 2020 14th International Conference on Innovations in Information Technology, IIT 2020 14 (2020), 57–62. https://doi.org/10.1109/IIT50501.2020.9299050 Johannsen et al. (2020) Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Marko Jantti. 2020. Studying Data Privacy Management in Small and Medium-Sized IT Companies. Proceedings of the 2020 14th International Conference on Innovations in Information Technology, IIT 2020 14 (2020), 57–62. https://doi.org/10.1109/IIT50501.2020.9299050 Johannsen et al. (2020) Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  55. F E Ikuero and W Zeng. 2022. Improving Cybersecurity Incidents Reporting in Nigeria: Micro and Small Enterprises Perspectives. https://doi.org/10.4314/njt.v41i3.10 Imsand et al. (2020) Eric Imsand, Brian Tucker, Joe Paxton, and Sara Graves. 2020. A survey of cyber security practices in small businesses. In Advances in Intelligent Systems and Computing, Vol. 1055. Springer, 44–50. https://doi.org/10.1007/978-3-030-31239-8{_}4 Jantti (2020) Marko Jantti. 2020. Studying Data Privacy Management in Small and Medium-Sized IT Companies. Proceedings of the 2020 14th International Conference on Innovations in Information Technology, IIT 2020 14 (2020), 57–62. https://doi.org/10.1109/IIT50501.2020.9299050 Johannsen et al. (2020) Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Eric Imsand, Brian Tucker, Joe Paxton, and Sara Graves. 2020. A survey of cyber security practices in small businesses. In Advances in Intelligent Systems and Computing, Vol. 1055. Springer, 44–50. https://doi.org/10.1007/978-3-030-31239-8{_}4 Jantti (2020) Marko Jantti. 2020. Studying Data Privacy Management in Small and Medium-Sized IT Companies. Proceedings of the 2020 14th International Conference on Innovations in Information Technology, IIT 2020 14 (2020), 57–62. https://doi.org/10.1109/IIT50501.2020.9299050 Johannsen et al. (2020) Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Marko Jantti. 2020. Studying Data Privacy Management in Small and Medium-Sized IT Companies. Proceedings of the 2020 14th International Conference on Innovations in Information Technology, IIT 2020 14 (2020), 57–62. https://doi.org/10.1109/IIT50501.2020.9299050 Johannsen et al. (2020) Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  56. A survey of cyber security practices in small businesses. In Advances in Intelligent Systems and Computing, Vol. 1055. Springer, 44–50. https://doi.org/10.1007/978-3-030-31239-8{_}4 Jantti (2020) Marko Jantti. 2020. Studying Data Privacy Management in Small and Medium-Sized IT Companies. Proceedings of the 2020 14th International Conference on Innovations in Information Technology, IIT 2020 14 (2020), 57–62. https://doi.org/10.1109/IIT50501.2020.9299050 Johannsen et al. (2020) Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Marko Jantti. 2020. Studying Data Privacy Management in Small and Medium-Sized IT Companies. Proceedings of the 2020 14th International Conference on Innovations in Information Technology, IIT 2020 14 (2020), 57–62. https://doi.org/10.1109/IIT50501.2020.9299050 Johannsen et al. (2020) Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  57. Marko Jantti. 2020. Studying Data Privacy Management in Small and Medium-Sized IT Companies. Proceedings of the 2020 14th International Conference on Innovations in Information Technology, IIT 2020 14 (2020), 57–62. https://doi.org/10.1109/IIT50501.2020.9299050 Johannsen et al. (2020) Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andreas Johannsen, Daniel Kant, and Reiner Creutzburg. 2020. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  58. Measuring IT security, compliance and data governance within small and medium-sized IT enterprises. Electronic Imaging 32, 3 (1 2020), 1–11. https://doi.org/10.2352/ISSN.2470-1173.2020.3.MOBMU-252 Kabanda et al. (2018) S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ S Kabanda, M Tanner, and C Kent. 2018. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  59. Exploring SME cybersecurity practices in developing countries. https://doi.org/10.1080/10919392.2018.1484598 Katt and Prasher (2018) Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  60. Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. https://doi.org/10.1145/3241403.3241464 Ključnikov et al. (2019) A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Ključnikov, L Mura, and D Sklenár. 2019. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  61. Information security management in smes: Factors of success. Entrepreneurship and Sustainability Issues 6, 4 (2019), 2081–2094. https://doi.org/10.9770/jesi.2019.6.4(37) Lejaka et al. (2019) Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Tebogo Kesetse Lejaka, Adele Da Veiga, and Marianne Loock. 2019. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  62. Cyber security awareness for small, medium and micro enterprises (SMMEs) in South Africa. 2019 Conference on Information Communications Technology and Society, ICTAS 2019 (4 2019), 1–6. https://doi.org/10.1109/ICTAS.2019.8703609 Löffler et al. (2021) Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Emanuel Löffler, Bettina Schneider, Trupti Zanwar, and Petra Maria Asprion. 2021. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  63. CySecEscape 2.0—A Virtual Escape Room To Raise Cybersecurity Awareness. International Journal of Serious Games 8, 1 (1 2021), 59–70. https://doi.org/10.17083/ijsg.v8i1.413 Lynch et al. (2020) Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ivorine M Lynch, Henry A Williams, and Sherree R B Davis. 2020. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  64. Department of Defense Controlled Unclassified Information Compliance: The Impact on Small Business Contractors. https://www.proquest.com/dissertations-theses/department-defense-controlled-unclassified/docview/2419860985/se-2?accountid=14511 Mahn et al. (2021) Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Amy Mahn, Jeffrey Marron, Stephen Quinn, and Daniel Topper. 2021. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  65. Small Business Cybersecurity Corner | NIST. https://doi.org/10.6028/NIST.SP.1271 Mansfield-Devine (2022) Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  66. Steve Mansfield-Devine. 2022. Cyber Security Breaches Survey 2022. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022 Mansfield-Devine (2023) Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  67. Steve Mansfield-Devine. 2023. Cyber Security Breaches Survey 2023. Technical Report 4. UK Government Official Statistics. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2023/cyber-security-breaches-survey-2023 Mayer et al. (2017) P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Mayer, N Gerber, R McDermott, M Volkamer, and J Vogt. 2017. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  68. Productivity vs security: Mitigating conflicting goals in organizations. Information and Computer Security 25, 2 (2017), 137–151. https://doi.org/10.1108/ICS-03-2017-0014 McLilly and Qu (2020) Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  69. Landon McLilly and Yanzhen Qu. 2020. Quantitatively Examining Service Requests of a Cloud-Based On-Demand Cybersecurity Service Solution for Small Businesses. Proceedings - 2020 International Conference on Computational Science and Computational Intelligence, CSCI 2020 (2020), 116–121. https://doi.org/10.1109/CSCI51800.2020.00027 Mierzwa and Scott (2017) Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  70. Stan Mierzwa and James Scott. 2017. Cybersecurity in non-profit and non-governmental organizations. https://www.researchgate.net/publication/314096686_Cybersecurity_in_Non-Profit_and_Non-Governmental_Organizations Mijnhardt et al. (2016) Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Frederik Mijnhardt, Thijs Baars, and Marco Spruit. 2016. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  71. Organizational characteristics influencing sme information security maturity. Journal of Computer Information Systems 56, 2 (2016), 106–115. https://doi.org/10.1080/08874417.2016.1117369 Mitrofan et al. (2020) Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrei-Lauren\textcommabelowtiu Mitrofan, Elena-Veronica CRUCERU, and Andreea BARBU. 2020. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  72. Determining the Main Causes That Lead To Cybersecurity Risks in Smes. Business Excellence and Management 10, 4 (2020), 38–48. https://doi.org/10.24818/beman/2020.10.4-03 Moher et al. (2016) David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Moher, Larissa Shamseer, Mike Clarke, Davina Ghersi, Alessandro Liberati, Mark Petticrew, Paul Shekelle, Lesley A. Stewart, Mireia Estarli, Eliud S.Aguilar Barrera, Rodrigo Martínez-Rodríguez, Eduard Baladia, Samuel Duran Agüero, Saby Camacho, Kristian Buhring, Aitor Herrero-López, Diana Maria Gil-González, Douglas G. Altman, Alison Booth, An Wen Chan, Stephanie Chang, Tammy Clifford, Kay Dickersin, Matthias Egger, Peter C. Gøtzsche, Jeremy M. Grimshaw, Trish Groves, Mark Helfand, Julian Higgins, Toby Lasserson, Joseph Lau, Kathleen Lohr, Jessie McGowan, Cynthia Mulrow, Melissa Norton, Matthew Page, Margaret Sampson, Holger Schünemann, Iveta Simera, William Summerskill, Jennifer Tetzlaff, Thomas A. Trikalinos, David Tovey, Lucy Turner, and Evelyn Whitlock. 2016. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  73. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Revista Espanola de Nutricion Humana y Dietetica 20, 2 (12 2016), 148–160. https://doi.org/10.1186/2046-4053-4-1 Mokwetli and Zuva (2018) Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  74. Moraba Mokwetli and Tranos Zuva. 2018. Adoption of the ICT Security Culture in SMME’s in the Gauteng Province, South Africa. 2018 International Conference on Advances in Big Data, Computing and Data Communication Systems, icABCD 2018 (2018), 1–7. https://doi.org/10.1109/ICABCD.2018.8465139 Nasir and Vajjhala (2020) Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  75. Sadiq Nasir and Narasimha Rao Vajjhala. 2020. Evaluating information security awareness and compliance in sub-Saharan Africa: An interpretivist perspective. Proceedings of the 13th IADIS International Conference Information Systems 2020, IS 2020 13 (2020), 187–190. https://doi.org/10.33965/is2020{_}202006r025 Ncubukezi et al. (2020) Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Tabisa Ncubukezi, Laban Mwansa, and Francois Rocaries. 2020. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  76. A Review of the Current Cyber Hygiene in Small and Medium-sized Businesses. In 2020 15th International Conference for Internet Technology and Secured Transactions, ICITST 2020. IEEE, 1–6. https://doi.org/10.23919/ICITST51030.2020.9351339 OECD (2011) OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  77. OECD. 2011. OECD Studies on SMEs and Entrepreneurship SMEs, Entrepreneurship and Innovation. , 126–127 pages. https://doi.org/10.1787/bdb9256a-en Osborn and Simpson (2018) E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  78. E Osborn and A Simpson. 2018. Risk and the Small-Scale Cyber Security Decision Making Dialogue—a UK Case Study. https://doi.org/10.1093/comjnl/bxx093 Ouzzani et al. (2016) Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mourad Ouzzani, Hossam Hammady, Zbys Fedorowicz, and Ahmed Elmagarmid. 2016. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  79. Rayyan—a web and mobile app for systematic reviews. Systematic Reviews 5, 1 (2016), 210. https://doi.org/10.1186/s13643-016-0384-4 Ozkan and Spruit (2019) B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  80. B Y Ozkan and M Spruit. 2019. Cybersecurity standardisation for SMEs: The stakeholders’ perspectives and a research agenda. https://doi.org/10.4018/IJSR.20190701.oa1 Ozkan et al. (2020) Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Bilge Yigit Ozkan, Marco Spruit, Roland Wondolleck, and Verónica Burriel Coll. 2020. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  81. Modelling adaptive information security for SMEs in a cluster. https://doi.org/10.1108/JIC-05-2019-0128 Park et al. (2021) H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ H. Park, Y. Yoo, and H. Lee. 2021. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  82. 7s model for technology protection of organizations. Sustainability (Switzerland) 13, 13 (2021), 7020. https://doi.org/10.3390/su13137020 Pérez-González et al. (2019) D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ D Pérez-González, S T Preciado, and P Solana-Gonzalez. 2019. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  83. Organizational practices as antecedents of the information security management performance: An empirical investigation. https://doi.org/10.1108/ITP-06-2018-0261 Pickering et al. (2021) Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Brian Pickering, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, Pickering Surridge Brian, Costas Boletsis, Ragnhild Halvorsrud, Stephen Phillips, and Mike Surridge. 2021. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  84. It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. https://doi.org/10.1007/978-3-030-77392-2{_}22 Rae and Patel (2020) Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  85. Andrew Rae and Asma Patel. 2020. Developing a security behavioural assessment approach for cyber rating UK MSBs. https://doi.org/10.1109/CyberSecurity49315.2020.9138893 Rae et al. (2019) A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ A Rae, A Patel, Heng S.-H., and Lopez J. 2019. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  86. Defining a New Composite Cybersecurity Rating Scheme for SMEs in the U.K. https://doi.org/10.1007/978-3-030-34339-2{_}20 Raineri and Resig (2020) Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  87. Ellen M Raineri and Jessica Resig. 2020. Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics 22, 12 (2020), 13–23. https://doi.org/10.33423/jabe.v22i12.3876 Ratajczyk et al. (2016) Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Elicia Ratajczyk, Ute Brady, Jacopo A. Baggio, Allain J. Barnett, Irene Perez-Ibara, Nathan Rollins, Cathy Rubiños, Hoon C. Shin, David J. Yu, Rimjhim Aggarwal, John M. Anderies, and Marco A. Janssen. 2016. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  88. Challenges and opportunities in coding the commons: Problems, procedures, and potential solutions in large-N comparative case studies. International Journal of the Commons 10, 2 (9 2016), 440–466. https://doi.org/10.18352/ijc.652 Rawindaran et al. (2021) Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Nisha Rawindaran, Ambikesh Jayal, Edmond Prakash, and Chaminda Hewage. 2021. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  89. Cost Benefits of Using Machine Learning Features in NIDS for Cyber Security in UK Small Medium Enterprises (SME). Future Internet 13, 8 (1 2021), 186. https://doi.org/10.3390/fi13080186 Rhodes (2018) Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  90. Chris Rhodes. 2018. House of Commons Library Business Statistics. House of Commons 12, 1 (2018), 16. https://commonslibrary.parliament.uk/research-briefings/sn06152/ Richardson et al. (1995) W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ W. S. Richardson, M. C. Wilson, J. Nishikawa, and R. S. Hayward. 1995. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  91. The well-built clinical question: a key to evidence-based decisions. ACP journal club 123, 3 (11 1995), A12–A13. https://doi.org/10.7326/acpjc-1995-123-3-a12 Saa et al. (2017) Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Pablo Saa, Oswaldo Moscoso-Zea, Andres Cueva Costales, and Sergio Lujan-Mora. 2017. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  92. Data security issues in cloud-based Software-as-a-Service ERP. Iberian Conference on Information Systems and Technologies, CISTI 12 (7 2017), 1–7. https://doi.org/10.23919/CISTI.2017.7975779 Saban et al. (2021) K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ K A Saban, S Rau, and C A Wood. 2021. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  93. “SME executives’ perceptions and the information security preparedness model”. Information and Computer Security 29, 2 (2021), 263–282. https://doi.org/10.1108/ICS-01-2020-0014 SMESEC (2022) SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  94. SMESEC. 2022. SMESEC - Cybersecurity for SMEs. https://www.smesec.eu/ Statista Inc. (2019) Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  95. Statista Inc. 2019. Cloud IT infrastructure spending worldwide 2013-2026 | Statista. https://www.statista.com/statistics/503686/worldwide-cloud-it-infrastructure-market-spending/ Statista Inc. (2023) Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  96. Statista Inc. 2023. Enterprise public cloud service usage worldwide 2022 | Statista. https://www.statista.com/statistics/511508/worldwide-survey-public-coud-services-running-applications-enterprises/ Tam et al. (2021) T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ T Tam, A Rao, and J Hall. 2021. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  97. The good, the bad and the missing: A Narrative review of cyber-security implications for Australian small businesses. https://doi.org/10.1016/j.cose.2021.102385 Teymourlouei and Harris (2019) Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  98. Haydar Teymourlouei and Vareva Harris. 2019. Effective methods to monitor IT infrastructure security for small business. Proceedings - 6th Annual Conference on Computational Science and Computational Intelligence, CSCI 2019 10 (12 2019), 7–13. https://doi.org/10.1109/CSCI49370.2019.00009 The World Bank (2022) The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  99. The World Bank. 2022. World Bank SME Finance: Development news, research, data | World Bank. , 4 pages. https://www.worldbank.org/en/topic/smefinance Tranfield et al. (2003) David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Tranfield, David Denyer, and Palminder Smart. 2003. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  100. Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review. , 207–222 pages. https://doi.org/10.1111/1467-8551.00375 Ulrich et al. (2020) P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ P Ulrich, V Frank, A Timmermann, Cristani M., Toro C., Zanni-Merk C., Howlett R.J., Jain L.C., and Jain L.C. 2020. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  101. The dark side of data science - An empirical study of cyber risks in German SMEs. 24th KES International Conference on Knowledge-Based and Intelligent Information and Engineering Systems, KES 2020 176 (2020), 2615–2624. https://doi.org/10.1016/j.procs.2020.09.307 United Nations (2017) United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  102. United Nations. 2017. definition-statistics-SMEs. https://tfig.unece.org/contents/definition-statistics-SMEs.html United States International Trade Co (1983) United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  103. United States International Trade Co. 1983. (United States International Trade Commission reports). Technical Report. United States International Trade Commission. www.usitc.gov Vaismoradi and Snelgrove (2019) Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  104. Mojtaba Vaismoradi and Sherrill Snelgrove. 2019. Theme in qualitative content analysis and thematic analysis. Forum Qualitative Sozialforschung 20, 3 (9 2019), 23. https://doi.org/10.17169/fqs-20.3.3376 van Haastrecht et al. (2021) Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, and Marco Spruit. 2021. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  105. A shared cyber threat intelligence solution for smes. Electronics (Switzerland) 10, 23 (11 2021), 2913. https://doi.org/10.3390/electronics10232913 Van Haastrecht et al. (2021) Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Max Van Haastrecht, Bilge Yigit Ozkan, Matthieu Brinkhuis, and Marco Spruit. 2021. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  106. Respite for smes: A systematic review of socio-technical cybersecurity metrics. Applied Sciences (Switzerland) 11, 15 (8 2021), 6909. https://doi.org/10.3390/app11156909 Verizon Communications Inc (2022a) Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  107. Verizon Communications Inc. 2022a. 2022 Data Breach Investigations Report (DBIR). , 5–108 pages. https://www.verizon.com/business/resources/reports/dbir/ Verizon Communications Inc (2022b) Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  108. Verizon Communications Inc. 2022b. Small Business Cyber Security and Data Breaches | Verizon. https://www.verizon.com/business/resources/articles/small-business-cyber-security-and-data-breaches/ Weisburd et al. (2017) David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ David Weisburd, David P. Farrington, Charlotte Gill, Mimi Ajzenstadt, Trevor Bennett, Kate Bowers, Michael S. Caudy, Katy Holloway, Shane Johnson, Friedrich Lösel, Jacqueline Mallender, Amanda Perry, Liansheng Larry Tang, Faye Taxman, Cody Telep, Rory Tierney, Maria M. Ttofi, Carolyn Watson, David B. Wilson, and Alese Wooditch. 2017. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  109. What Works in Crime Prevention and Rehabilitation: An Assessment of Systematic Reviews. Criminology and Public Policy 16, 2 (2017), 415–449. https://doi.org/10.1111/1745-9133.12298 White et al. (2020) Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Gareth R T White, Robert A Allen, Anthony Samuel, Ahmed Abdullah, and Robert J Thomas. 2020. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  110. Antecedents of Cybersecurity Implementation: A Study of the Cyber-Preparedness of U.K. Social Enterprises. https://doi.org/10.1109/TEM.2020.2994981 Young (2020) J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  111. J A Young. 2020. The development of a red teaming service-learning course. https://aisel.aisnet.org/jise/vol31/iss3/1 Yudhiyati et al. (2021) Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Ratna Yudhiyati, Afrida Putritama, and Diana Rahmawati. 2021. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  112. What small businesses in developing country think of cybersecurity risks in the digital age: Indonesian case. Journal of Information, Communication and Ethics in Society 19, 4 (1 2021), 446–462. https://doi.org/10.1108/JICES-03-2021-0035 Zotero (2022) Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/ Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
  113. Zotero. 2022. Zotero | Your personal research assistant. https://www.zotero.org/
Citations (1)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now